apm-audit-security
Audits APM dependencies for supply-chain safety — apm audit flags, the content-hash / cache-integrity / unicode-scan / drift-detection model, and audit as a CI gate. Use when verifying installed primitives are untampered, wiring audit into CI, stripping hidden characters, or checking for drift befor
Install
mkdir -p .claude/skills/apm-audit-security && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/16718" && unzip -o skill.zip -d .claude/skills/apm-audit-security && rm skill.zipInstalls to .claude/skills/apm-audit-security
Activation
This is the description your AI agent reads to decide when to run this skill — the better it matches your request, the more reliably it fires.
Audits APM dependencies for supply-chain safety — apm audit flags, the content-hash / cache-integrity / unicode-scan / drift-detection model, and audit as a CI gate. Use when verifying installed primitives are untampered, wiring audit into CI, stripping hidden characters, or checking for drift before committing.About this skill
APM Audit & Security
Overview
apm audit verifies that the primitives deployed in a repo match what the lockfile pinned,
and that no primitive hides malicious content. It's the check you run before trusting
installed context and the gate you run in CI. This skill covers the command and APM's
security model.
When to Use
- Verifying installed/deployed primitives are untampered
- Wiring an audit into CI as a merge gate
- Stripping hidden Unicode from a file
- Checking for drift before committing generated output
When NOT to use: installing/updating dependencies (apm-install-deps) or authoring
primitives (apm-author-primitive).
apm audit
apm audit # local: scan deployed files
apm audit --ci # CI gate: baseline checks + install-replay drift
apm audit --file <path> # scan an arbitrary file, not installed primitives
apm audit --strip # remove hidden characters in place
apm audit --strip --dry-run # preview strip changes, write nothing
apm audit --format json|sarif|markdown # machine-readable output (default: text)
apm audit --no-drift # skip install-replay in CI (faster, weaker)
apm audit --no-fail-fast # run all checks even after one fails
apm audit --policy <source> # evaluate org policy against the lockfile
The security model (4 parts)
-
Content-hash verification — on a fresh network fetch, APM computes a SHA-256 over the package file tree and compares it to
content_hashinapm.lock.yaml. On mismatch, the install aborts. Catches a tampered upstream. -
Cache-hit integrity — on every cache hit, APM reads the checkout's
.git/HEADand verifies it matches the lockfile'sresolved_commit. On mismatch, the cache entry is evicted and a fresh fetch runs. Catches a poisoned local cache. -
Unicode scanning — the pre-deploy scan inspects every primitive for hidden Unicode (zero-width characters, bidi controls, tag characters). Critical findings block the install (override only with
--force). Catches prompt-injection hidden in text. -
Drift detection — APM rebuilds the deployed context in a scratch directory and diffs it against your working tree, catching hand-edits to
apm_modules/or generated files before they ship.
CI gate
apm audit --ci runs a set of baseline checks plus install-replay drift detection:
lockfile-exists, ref-consistency, deployed-files-present, no-orphaned-packages,
skill-subset-consistency, config-consistency, content-integrity, includes-consent.
# CI step
- run: apm audit --ci --format sarif > apm-audit.sarif
Pair with apm install --frozen in CI so the lockfile — not the network — is authoritative.
Fixing findings
- Hidden Unicode:
apm audit --strip(preview with--dry-runfirst) to remove the characters, then re-audit. - Drift: you hand-edited a generated/deployed file. Move the change to its
.apm/source and re-deploy (apm install, orapm compilefor instruction files), or revert the edit — don't--forcepast it. - Content-hash / ref mismatch: the upstream or cache changed under a pinned ref. Investigate before re-pinning; only update the lockfile once you trust the new commit.
Related (not covered here)
Org-level allow/deny enforcement lives in apm-policy.yml (checked at install time as the
policy gate) — that's a separate concern from auditing; see the APM docs. This skill does
not cover policy authoring.
Red Flags
- Using
--forceto push past a critical Unicode finding instead of stripping/reviewing it. --no-driftin CI to make it pass faster — you lose install-replay drift detection.- Treating a content-hash mismatch as noise and re-pinning without investigating.
- No
apm auditin CI, so tampering / drift ships unnoticed.